On Tue, Jul 10, 2012 at 6:35 AM, Nico Kadel-Garcia
<[log in to unmask]> wrote:
You might also consider disabling SELinux, if the machine is behind
reasonable firewalls. SELinux has been a *disaster* in system
security, costing far more wasted productivity and engineering
resources than many of active worms or attack vectors of the Linux
world, most of which it does not really help with. (Bad PHP is bad
PHP, and SELinux does not necessarily help at all.)
let's agree to disagree on this one :-)
I have not had major issues since ... fedora 8?
It is true that selinux is a new tool and thus not so well understood by plenty of people, but I quite like it. It is quite simple once you take the time to learn it (like everything in life) and we routinely deploy settings from cfengine for it.
--
groet,
natxo